Building a custom approve rule in WSUS

On February 24, 2010, in Security, by

I want to build a rule that automatically approves the Update Rollup category of patches for Servers.  The reason is I want the Exchange updates to get approved (remember patches on the server get downloaded but not auto installed).  It pains me/annoys me/frustrates me/saddens me when people hit issues that can be addressed by updates that are there, but not installed.  The rollup patches for Exchange are this category.  And they are not getting installed on SBS boxes unfortunately.

So here’s how we do it.  We launch the native WSUS interface on the SBS 2008 box.  Click in the section of Automatic approvals and write a new automatic approval rule:

Click new rule

We’re going to add a rule for a specific classification

We’re going to set this rule for just the server category

Selecting the category

This is what the rule looks like

And we specify the name of the special rule

Click apply and then okay.

(testing this out at home to ensure it does what I think it will do, will report back tomorrow)


2 Responses to Building a custom approve rule in WSUS

  1. Jeff says:

    Great tip…curious to see how it goes. Does this apply to SBS 2003 boxes too?

  2. bradley says:

    If you’ve kept SBS 2003 up to date it has the same WSUS 3 under the hood. Exchange updates in 2003 era are not update rollups though as I recall. I’ll double check.